WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4792)

Description

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

Remediation

References

Related Vulnerabilities

WordPress Plugin Sticky Popup Cross-Site Scripting (1.2)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

WordPress Plugin Web to Print Online Designer Security Bypass (2.3.0)

MySQL CVE-2018-3066 Vulnerability (CVE-2018-3066)

Django Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-31542)

Severity

Medium

Classification

CVE-2008-4792 CWE-264

Tags

Missing Update Known Vulnerabilities